CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2011

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-3867 189 DoS Exec Code 2011-09-28 2011-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.
2 CVE-2011-3866 264 2011-09-28 2011-09-29
4.3
None Remote Medium Not required Partial None None
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.
3 CVE-2011-3865 79 XSS 2011-09-28 2012-05-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
4 CVE-2011-3864 79 XSS 2011-09-28 2012-05-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
5 CVE-2011-3863 79 XSS 2011-09-28 2012-05-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
6 CVE-2011-3862 79 XSS 2011-09-28 2011-10-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
7 CVE-2011-3861 79 XSS 2011-09-28 2012-05-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
8 CVE-2011-3860 79 XSS 2011-09-28 2011-10-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Cover WP theme before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
9 CVE-2011-3859 79 XSS 2011-09-28 2012-05-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
10 CVE-2011-3858 79 XSS 2011-09-28 2012-05-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
11 CVE-2011-3857 79 XSS 2011-09-28 2012-05-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
12 CVE-2011-3856 79 XSS 2011-09-28 2012-05-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
13 CVE-2011-3855 79 XSS 2011-09-28 2012-05-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
14 CVE-2011-3854 79 XSS 2011-09-28 2011-10-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
15 CVE-2011-3853 79 XSS 2011-09-28 2012-05-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
16 CVE-2011-3852 79 XSS 2011-09-28 2012-05-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
17 CVE-2011-3851 79 XSS 2011-09-28 2012-05-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
18 CVE-2011-3850 79 XSS 2011-09-28 2011-10-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
19 CVE-2011-3826 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
Zikula 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/voodoodolly/version.php and certain other files.
20 CVE-2011-3825 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files.
21 CVE-2011-3824 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files.
22 CVE-2011-3823 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
Yamamah 1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/default/index.php and certain other files.
23 CVE-2011-3822 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
XOOPS 2.5.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/system/xoops_version.php and certain other files.
24 CVE-2011-3821 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
xajax 0.6 beta1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xajax_core/plugin_layer/xajaxScriptPlugin.inc.php and certain other files.
25 CVE-2011-3820 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
WSN Software 6.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/prestart.php and certain other files.
26 CVE-2011-3819 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
WoW Server Status 4.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by status.php and certain other files.
27 CVE-2011-3818 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by wp-admin/includes/user.php and certain other files.
28 CVE-2011-3817 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
Website Baker 2.8.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/media/parameters.php and certain other files. NOTE: this might overlap CVE-2005-2436.
29 CVE-2011-3816 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
WEBinsta mailing list manager 1.3e allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by install/install3.php and certain other files.
30 CVE-2011-3815 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
WeBid 1.0.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by js/calendar.php and certain other files.
31 CVE-2011-3814 200 +Info 2011-09-23 2012-10-12
5.0
None Remote Low Not required Partial None None
WebCalendar 1.2.3, and other versions before 1.2.5, allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by ws/user_mod.php and certain other files.
32 CVE-2011-3813 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/language/dutch.inc.php and certain other files.
33 CVE-2011-3812 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
Vanilla 2.0.16 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Minify/min/utils.php and certain other files.
34 CVE-2011-3811 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
TomatoCart 1.1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/system/offline.php and certain other files.
35 CVE-2011-3810 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by i_frames/i_register.php.
36 CVE-2011-3809 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
TheHostingTool (THT) 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/pear/Mail/smtp.php and certain other files.
37 CVE-2011-3808 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
The Bug Genie 2.1.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/svn_integration/config.inc.php and certain other files.
38 CVE-2011-3807 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
Textpattern 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/txplib_db.php and certain other files.
39 CVE-2011-3806 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
TCExam 11.1.015 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/code/tce_page_footer.php and certain other files.
40 CVE-2011-3805 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/language/zh/register_info.php and certain other files.
41 CVE-2011-3804 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
SweetRice 0.7.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by _plugin/tiny_mce/plugins/advimage/images.php.
42 CVE-2011-3803 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
SugarCRM 6.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Sugar5/layout_utils.php and certain other files.
43 CVE-2011-3802 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files.
44 CVE-2011-3801 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
SimpleTest 1.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by test/visual_test.php and certain other files.
45 CVE-2011-3800 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
Serendipity 1.5.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/newspaper/layout.php and certain other files.
46 CVE-2011-3799 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
ReOS 2.0.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by padmin/blocks/vergal.php and certain other files.
47 CVE-2011-3798 200 +Info 2011-09-23 2012-10-24
5.0
None Remote Low Not required Partial None None
Rapid Leech 2.3-v42-svn322 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by classes/pear.php and certain other files.
48 CVE-2011-3797 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by public/upgrade/templates/layout.php and certain other files.
49 CVE-2011-3796 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by product-sort.php and certain other files.
50 CVE-2011-3795 200 +Info 2011-09-23 2012-05-21
5.0
None Remote Low Not required Partial None None
Podcast Generator 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by core/themes.php and certain other files.
Total number of vulnerabilities : 389   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.